← Back to branch summary

~ubuntu-branches/ubuntu/natty/freeradius/natty-updates

« back to all changes in this revision

Viewing changes to src/modules/rlm_sql/rlm_sql.c

  • Committer: Bazaar Package Importer
  • Author(s): Josip Rodin
  • Date: 2009-11-23 03:57:37 UTC
  • mfrom: (1.2.1 upstream)
  • mto: This revision was merged to the branch mainline in revision 28.
  • Revision ID: james.westby@ubuntu.com-20091123035737-zsgtzhfych8hir68
Tags: 2.1.7+dfsg-1
http://bugs.debian.org/536623
http://bugs.debian.org/513484
http://bugs.debian.org/526175
http://bugs.debian.org/533396
http://bugs.debian.org/550143
* Adopting the package, closes: #536623.
* New upstream version, closes: #513484.
  + Fixes the blooper in unlang evaluation logic, closes: #526175.
* Used quilt (and added README.source), and moved upstream file patching
  into debian/patches/. The source is no longer in collab-maint git
  (to make it simpler for me to finally get this out the door), but
  kept the .gitignore should we need that again.
* Dropped the dialup_admin/bin/backup_radacct patch (integrated upstream).
* Dropped the raddb/Makefile patch (problem no longer exists upstream).
* Dropped the lib/packet.c lib/radius.c main/listen.c patches (was from
  upstream 2.0.5 anyway).
* Dropped references to otp.conf, it no longer exists upstream.
  Keep removing the conffile statoverride in prerm.
* Dropped references to snmp.conf, it no longer exists upstream.
  Keep removing the conffile statoverride in prerm.
* Ship /etc/freeradius/modules/* in the freeradius package.
* Stop shipping sites-enabled symlinks in the package and instead create
  them only on initial install, thanks to Matej Vela, closes: #533396.
* Add export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" to the init script
  at the request of John Morrissey, closes: #550143.
* Stop installing /var/run/freeradius in the package to silence Lintian.
  The init script already recreates it at will.
* Remove executable bit from example.pl to silence Lintian.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/modules/rlm_sql/rlm_sql.c
2
2
 * rlm_sql.c            SQL Module
3
3
 *              Main SQL module file. Most ICRADIUS code is located in sql.c
4
4
 *
5
 
 * Version:     $Id: rlm_sql.c,v 1.179 2008/04/29 08:10:37 aland Exp $
 
5
 * Version:     $Id$
6
6
 *
7
7
 *   This program is free software; you can redistribute it and/or modify
8
8
 *   it under the terms of the GNU General Public License as published by
24
24
 */
25
25
 
26
26
#include <freeradius-devel/ident.h>
27
 
RCSID("$Id: rlm_sql.c,v 1.179 2008/04/29 08:10:37 aland Exp $")
 
27
RCSID("$Id$")
28
28
 
29
29
#include <freeradius-devel/radiusd.h>
30
30
#include <freeradius-devel/modules.h>
61
61
         offsetof(SQL_CONFIG,deletestalesessions), NULL, "yes"},
62
62
        {"num_sql_socks", PW_TYPE_INTEGER,
63
63
         offsetof(SQL_CONFIG,num_sql_socks), NULL, "5"},
 
64
        {"lifetime", PW_TYPE_INTEGER,
 
65
         offsetof(SQL_CONFIG,lifetime), NULL, "0"},
 
66
        {"max_queries", PW_TYPE_INTEGER,
 
67
         offsetof(SQL_CONFIG,max_queries), NULL, "0"},
64
68
        {"sql_user_name", PW_TYPE_STRING_PTR,
65
69
         offsetof(SQL_CONFIG,query_user), NULL, ""},
66
70
        {"default_user_profile", PW_TYPE_STRING_PTR,
70
74
        {"authorize_check_query", PW_TYPE_STRING_PTR,
71
75
         offsetof(SQL_CONFIG,authorize_check_query), NULL, ""},
72
76
        {"authorize_reply_query", PW_TYPE_STRING_PTR,
73
 
         offsetof(SQL_CONFIG,authorize_reply_query), NULL, ""},
 
77
         offsetof(SQL_CONFIG,authorize_reply_query), NULL, NULL},
74
78
        {"authorize_group_check_query", PW_TYPE_STRING_PTR,
75
79
         offsetof(SQL_CONFIG,authorize_group_check_query), NULL, ""},
76
80
        {"authorize_group_reply_query", PW_TYPE_STRING_PTR,
103
107
         offsetof(SQL_CONFIG,allowed_chars), NULL,
104
108
        "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"},
105
109
 
 
110
        /*
 
111
         *      This only works for a few drivers.
 
112
         */
 
113
        {"query_timeout", PW_TYPE_INTEGER,
 
114
         offsetof(SQL_CONFIG,query_timeout), NULL, NULL},
 
115
         
106
116
        {NULL, -1, 0, NULL, NULL}
107
117
};
108
118
 
128
138
/*
129
139
 *      sql xlat function. Right now only SELECTs are supported. Only
130
140
 *      the first element of the SELECT result will be used.
 
141
 *
 
142
 *      For other statements (insert, update, delete, etc.), the
 
143
 *      number of affected rows will be returned.
131
144
 */
132
145
static int sql_xlat(void *instance, REQUEST *request,
133
146
                    char *fmt, char *out, size_t freespace,
140
153
        char sqlusername[MAX_STRING_LEN];
141
154
        size_t ret = 0;
142
155
 
143
 
        DEBUG("rlm_sql (%s): - sql_xlat", inst->config->xlat_name);
 
156
        RDEBUG("sql_xlat");
 
157
 
144
158
        /*
145
159
         * Add SQL-User-Name attribute just in case it is needed
146
160
         *  We could search the string fmt for SQL-User-Name to see if this is
160
174
        sqlsocket = sql_get_socket(inst);
161
175
        if (sqlsocket == NULL)
162
176
                return 0;
 
177
 
 
178
        /*
 
179
         *      If the query starts with any of the following prefixes,
 
180
         *      then return the number of rows affected
 
181
         */
 
182
        if ((strncasecmp(querystr, "insert", 6) == 0) ||
 
183
            (strncasecmp(querystr, "update", 6) == 0) ||
 
184
            (strncasecmp(querystr, "delete", 6) == 0)) {
 
185
                int numaffected;
 
186
                char buffer[21]; /* 64bit max is 20 decimal chars + null byte */
 
187
 
 
188
                if (rlm_sql_query(sqlsocket,inst,querystr)) {
 
189
                        radlog(L_ERR, "rlm_sql (%s): database query error, %s: %s",
 
190
                                inst->config->xlat_name, querystr,
 
191
                                (inst->module->sql_error)(sqlsocket,
 
192
                                                          inst->config));
 
193
                        sql_release_socket(inst,sqlsocket);
 
194
                        return 0;
 
195
                }
 
196
               
 
197
                numaffected = (inst->module->sql_affected_rows)(sqlsocket,
 
198
                                                                inst->config);
 
199
                if (numaffected < 1) {
 
200
                        RDEBUG("rlm_sql (%s): SQL query affected no rows",
 
201
                                inst->config->xlat_name);
 
202
                }
 
203
 
 
204
                /*
 
205
                 *      Don't chop the returned number if freespace is
 
206
                 *      too small.  This hack is necessary because
 
207
                 *      some implementations of snprintf return the
 
208
                 *      size of the written data, and others return
 
209
                 *      the size of the data they *would* have written
 
210
                 *      if the output buffer was large enough.
 
211
                 */
 
212
                snprintf(buffer, sizeof(buffer), "%d", numaffected);
 
213
                ret = strlen(buffer);
 
214
                if (ret >= freespace){
 
215
                        RDEBUG("rlm_sql (%s): Can't write result, insufficient string space",
 
216
                               inst->config->xlat_name);
 
217
                        (inst->module->sql_finish_query)(sqlsocket,
 
218
                                                         inst->config);
 
219
                        sql_release_socket(inst,sqlsocket);
 
220
                        return 0;
 
221
                }
 
222
                
 
223
                memcpy(out, buffer, ret + 1); /* we did bounds checking above */
 
224
 
 
225
                (inst->module->sql_finish_query)(sqlsocket, inst->config);
 
226
                sql_release_socket(inst,sqlsocket);
 
227
                return ret;
 
228
        } /* else it's a SELECT statement */
 
229
 
163
230
        if (rlm_sql_select_query(sqlsocket,inst,querystr)){
164
231
                radlog(L_ERR, "rlm_sql (%s): database query error, %s: %s",
165
232
                       inst->config->xlat_name,querystr,
171
238
        ret = rlm_sql_fetch_row(sqlsocket, inst);
172
239
 
173
240
        if (ret) {
174
 
                DEBUG("rlm_sql (%s): SQL query did not succeed",
175
 
                      inst->config->xlat_name);
 
241
                RDEBUG("SQL query did not succeed");
176
242
                (inst->module->sql_finish_select_query)(sqlsocket, inst->config);
177
243
                sql_release_socket(inst,sqlsocket);
178
244
                return 0;
180
246
 
181
247
        row = sqlsocket->row;
182
248
        if (row == NULL) {
183
 
                DEBUG("rlm_sql (%s): SQL query did not return any results",
184
 
                      inst->config->xlat_name);
 
249
                RDEBUG("SQL query did not return any results");
185
250
                (inst->module->sql_finish_select_query)(sqlsocket, inst->config);
186
251
                sql_release_socket(inst,sqlsocket);
187
252
                return 0;
188
253
        }
189
254
 
190
255
        if (row[0] == NULL){
191
 
                DEBUG("rlm_sql (%s): row[0] returned NULL",
192
 
                      inst->config->xlat_name);
 
256
                RDEBUG("row[0] returned NULL");
193
257
                (inst->module->sql_finish_select_query)(sqlsocket, inst->config);
194
258
                sql_release_socket(inst,sqlsocket);
195
259
                return 0;
196
260
        }
197
261
        ret = strlen(row[0]);
198
262
        if (ret >= freespace){
199
 
                DEBUG("rlm_sql (%s): sql_xlat:: Insufficient string space",
200
 
                      inst->config->xlat_name);
 
263
                RDEBUG("Insufficient string space");
201
264
                (inst->module->sql_finish_select_query)(sqlsocket, inst->config);
202
265
                sql_release_socket(inst,sqlsocket);
203
266
                return 0;
205
268
 
206
269
        strlcpy(out,row[0],freespace);
207
270
 
208
 
        DEBUG("rlm_sql (%s): - sql_xlat finished",
209
 
              inst->config->xlat_name);
 
271
        RDEBUG("sql_xlat finished");
210
272
 
211
273
        (inst->module->sql_finish_select_query)(sqlsocket, inst->config);
212
274
        sql_release_socket(inst,sqlsocket);
280
342
                c = rad_malloc(sizeof(*c));
281
343
                memset(c, 0, sizeof(*c));
282
344
 
 
345
#ifdef WITH_DYNAMIC_CLIENTS
 
346
                c->dynamic = 1;
 
347
#endif
 
348
 
283
349
                /*
284
350
                 *      Look for prefixes
285
351
                 */
303
369
                if (ip_hton(row[1], AF_UNSPEC, &c->ipaddr) < 0) {
304
370
                        radlog(L_CONS|L_ERR, "rlm_sql (%s): Failed to look up hostname %s: %s",
305
371
                               inst->config->xlat_name,
306
 
                               row[1], librad_errstr);
 
372
                               row[1], fr_strerror());
307
373
                        free(c);
308
374
                        continue;
309
375
                } else {
429
495
        }
430
496
 
431
497
        strlcpy(sqlusername, tmpuser, MAX_STRING_LEN);
432
 
        DEBUG2("rlm_sql (%s): sql_set_user escaped user --> '%s'",
433
 
                       inst->config->xlat_name, sqlusername);
434
 
        vp = pairmake("SQL-User-Name", sqlusername, 0);
435
 
        if (vp == NULL) {
436
 
                radlog(L_ERR, "%s", librad_errstr);
 
498
        RDEBUG2("sql_set_user escaped user --> '%s'", sqlusername);
 
499
        vp = radius_pairmake(request, &request->packet->vps,
 
500
                             "SQL-User-Name", NULL, 0);
 
501
        if (!vp) {
 
502
                radlog(L_ERR, "%s", fr_strerror());
437
503
                return -1;
438
504
        }
439
505
 
440
 
        pairadd(&request->packet->vps, vp);
 
506
        strlcpy(vp->vp_strvalue, tmpuser, sizeof(vp->vp_strvalue));
 
507
        vp->length = strlen(vp->vp_strvalue);
 
508
 
441
509
        return 0;
442
510
 
443
511
}
471
539
                return 0;
472
540
 
473
541
        if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, request, sql_escape_func)) {
474
 
                radlog(L_ERR, "rlm_sql (%s): xlat failed.",
475
 
                        inst->config->xlat_name);
 
542
                radlog_request(L_ERR, 0, request, "xlat \"%s\" failed.",
 
543
                               inst->config->groupmemb_query);
476
544
                return -1;
477
545
        }
478
546
 
479
547
        if (rlm_sql_select_query(sqlsocket, inst, querystr) < 0) {
480
 
                radlog(L_ERR, "rlm_sql (%s): database query error, %s: %s",
481
 
                       inst->config->xlat_name,querystr,
 
548
                radlog_request(L_ERR, 0, request,
 
549
                               "database query error, %s: %s",
 
550
                               querystr,
482
551
                       (inst->module->sql_error)(sqlsocket,inst->config));
483
552
                return -1;
484
553
        }
487
556
                if (row == NULL)
488
557
                        break;
489
558
                if (row[0] == NULL){
490
 
                        DEBUG("rlm_sql (%s): row[0] returned NULL",
491
 
                                inst->config->xlat_name);
 
559
                        RDEBUG("row[0] returned NULL");
492
560
                        (inst->module->sql_finish_select_query)(sqlsocket, inst->config);
493
561
                        sql_grouplist_free(group_list);
494
562
                        return -1;
497
565
                        *group_list = rad_malloc(sizeof(SQL_GROUPLIST));
498
566
                        group_list_tmp = *group_list;
499
567
                } else {
 
568
                        rad_assert(group_list_tmp != NULL);
500
569
                        group_list_tmp->next = rad_malloc(sizeof(SQL_GROUPLIST));
501
570
                        group_list_tmp = group_list_tmp->next;
502
571
                }
517
586
 * username will then be checked with the passed check string.
518
587
 */
519
588
 
520
 
static int sql_groupcmp(void *instance, REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check,
 
589
static int sql_groupcmp(void *instance, REQUEST *request, VALUE_PAIR *request_vp, VALUE_PAIR *check,
521
590
                        VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
522
591
{
523
592
        SQLSOCK *sqlsocket;
527
596
 
528
597
        check_pairs = check_pairs;
529
598
        reply_pairs = reply_pairs;
530
 
        request = request;
 
599
        request_vp = request_vp;
531
600
 
532
 
        DEBUG("rlm_sql (%s): - sql_groupcmp", inst->config->xlat_name);
 
601
        RDEBUG("sql_groupcmp");
533
602
        if (!check || !check->vp_strvalue || !check->length){
534
 
                DEBUG("rlm_sql (%s): sql_groupcmp: Illegal group name",
535
 
                      inst->config->xlat_name);
 
603
                RDEBUG("sql_groupcmp: Illegal group name");
536
604
                return 1;
537
605
        }
538
 
        if (req == NULL){
539
 
                DEBUG("rlm_sql (%s): sql_groupcmp: NULL request",
540
 
                      inst->config->xlat_name);
 
606
        if (!request){
 
607
                RDEBUG("sql_groupcmp: NULL request");
541
608
                return 1;
542
609
        }
543
610
        /*
544
611
         * Set, escape, and check the user attr here
545
612
         */
546
 
        if (sql_set_user(inst, req, sqlusername, NULL) < 0)
 
613
        if (sql_set_user(inst, request, sqlusername, NULL) < 0)
547
614
                return 1;
548
615
 
549
616
        /*
552
619
        sqlsocket = sql_get_socket(inst);
553
620
        if (sqlsocket == NULL) {
554
621
                /* Remove the username we (maybe) added above */
555
 
                pairdelete(&req->packet->vps, PW_SQL_USER_NAME);
 
622
                pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
556
623
                return 1;
557
624
        }
558
625
 
559
626
        /*
560
627
         *      Get the list of groups this user is a member of
561
628
         */
562
 
        if (sql_get_grouplist(inst, sqlsocket, req, &group_list) < 0) {
563
 
                radlog(L_ERR, "rlm_sql (%s): Error getting group membership",
564
 
                       inst->config->xlat_name);
 
629
        if (sql_get_grouplist(inst, sqlsocket, request, &group_list) < 0) {
 
630
                radlog_request(L_ERR, 0, request,
 
631
                               "Error getting group membership");
565
632
                /* Remove the username we (maybe) added above */
566
 
                pairdelete(&req->packet->vps, PW_SQL_USER_NAME);
 
633
                pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
567
634
                sql_release_socket(inst, sqlsocket);
568
635
                return 1;
569
636
        }
570
637
 
571
638
        for (group_list_tmp = group_list; group_list_tmp != NULL; group_list_tmp = group_list_tmp->next) {
572
639
                if (strcmp(group_list_tmp->groupname, check->vp_strvalue) == 0){
573
 
                        DEBUG("rlm_sql (%s): - sql_groupcmp finished: User is a member of group %s",
574
 
                              inst->config->xlat_name,
575
 
                              (char *)check->vp_strvalue);
 
640
                        RDEBUG("sql_groupcmp finished: User is a member of group %s",
 
641
                               check->vp_strvalue);
576
642
                        /* Free the grouplist */
577
643
                        sql_grouplist_free(&group_list);
578
644
                        /* Remove the username we (maybe) added above */
579
 
                        pairdelete(&req->packet->vps, PW_SQL_USER_NAME);
 
645
                        pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
580
646
                        sql_release_socket(inst, sqlsocket);
581
647
                        return 0;
582
648
                }
585
651
        /* Free the grouplist */
586
652
        sql_grouplist_free(&group_list);
587
653
        /* Remove the username we (maybe) added above */
588
 
        pairdelete(&req->packet->vps, PW_SQL_USER_NAME);
 
654
        pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
589
655
        sql_release_socket(inst,sqlsocket);
590
656
 
591
 
        DEBUG("rlm_sql (%s): - sql_groupcmp finished: User is NOT a member of group %s",
592
 
              inst->config->xlat_name, (char *)check->vp_strvalue);
 
657
        RDEBUG("sql_groupcmp finished: User is NOT a member of group %s",
 
658
               check->vp_strvalue);
593
659
 
594
660
        return 1;
595
661
}
610
676
         *      Get the list of groups this user is a member of
611
677
         */
612
678
        if (sql_get_grouplist(inst, sqlsocket, request, &group_list) < 0) {
613
 
                radlog(L_ERR, "rlm_sql (%s): Error retrieving group list",
614
 
                       inst->config->xlat_name);
 
679
                radlog_request(L_ERR, 0, request, "Error retrieving group list");
615
680
                return -1;
616
681
        }
617
682
 
622
687
                 */
623
688
                sql_group = pairmake("Sql-Group", group_list_tmp->groupname, T_OP_EQ);
624
689
                if (!sql_group) {
625
 
                        radlog(L_ERR, "rlm_sql (%s): Error creating Sql-Group attribute",
626
 
                               inst->config->xlat_name);
 
690
                        radlog_request(L_ERR, 0, request,
 
691
                                       "Error creating Sql-Group attribute");
627
692
                        return -1;
628
693
                }
629
694
                pairadd(&request->packet->vps, sql_group);
630
695
                if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_check_query, request, sql_escape_func)) {
631
 
                        radlog(L_ERR, "rlm_sql (%s): Error generating query; rejecting user",
632
 
                               inst->config->xlat_name);
 
696
                        radlog_request(L_ERR, 0, request,
 
697
                                       "Error generating query; rejecting user");
633
698
                        /* Remove the grouup we added above */
634
699
                        pairdelete(&request->packet->vps, PW_SQL_GROUP);
635
700
                        return -1;
636
701
                }
637
702
                rows = sql_getvpdata(inst, sqlsocket, &check_tmp, querystr);
638
703
                if (rows < 0) {
639
 
                        radlog(L_ERR, "rlm_sql (%s): Error retrieving check pairs for group %s",
640
 
                               inst->config->xlat_name, group_list_tmp->groupname);
 
704
                        radlog_request(L_ERR, 0, request, "Error retrieving check pairs for group %s",
 
705
                               group_list_tmp->groupname);
641
706
                        /* Remove the grouup we added above */
642
707
                        pairdelete(&request->packet->vps, PW_SQL_GROUP);
643
708
                        pairfree(&check_tmp);
648
713
                         */
649
714
                        if (paircompare(request, request->packet->vps, check_tmp, &request->reply->vps) == 0) {
650
715
                                found = 1;
651
 
                                DEBUG2("rlm_sql (%s): User found in group %s",
652
 
                                        inst->config->xlat_name, group_list_tmp->groupname);
 
716
                                RDEBUG2("User found in group %s",
 
717
                                        group_list_tmp->groupname);
653
718
                                /*
654
719
                                 *      Now get the reply pairs since the paircompare matched
655
720
                                 */
656
721
                                if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func)) {
657
 
                                        radlog(L_ERR, "rlm_sql (%s): Error generating query; rejecting user",
658
 
                                               inst->config->xlat_name);
 
722
                                        radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
659
723
                                        /* Remove the grouup we added above */
660
724
                                        pairdelete(&request->packet->vps, PW_SQL_GROUP);
661
725
                                        pairfree(&check_tmp);
662
726
                                        return -1;
663
727
                                }
664
728
                                if (sql_getvpdata(inst, sqlsocket, &reply_tmp, querystr) < 0) {
665
 
                                        radlog(L_ERR, "rlm_sql (%s): Error retrieving reply pairs for group %s",
666
 
                                               inst->config->xlat_name, group_list_tmp->groupname);
 
729
                                        radlog_request(L_ERR, 0, request, "Error retrieving reply pairs for group %s",
 
730
                                               group_list_tmp->groupname);
667
731
                                        /* Remove the grouup we added above */
668
732
                                        pairdelete(&request->packet->vps, PW_SQL_GROUP);
669
733
                                        pairfree(&check_tmp);
682
746
                         *      match expected behavior
683
747
                         */
684
748
                        found = 1;
685
 
                        DEBUG2("rlm_sql (%s): User found in group %s",
686
 
                                inst->config->xlat_name, group_list_tmp->groupname);
 
749
                        RDEBUG2("User found in group %s",
 
750
                                group_list_tmp->groupname);
687
751
                        /*
688
752
                         *      Now get the reply pairs since the paircompare matched
689
753
                         */
690
754
                        if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func)) {
691
 
                                radlog(L_ERR, "rlm_sql (%s): Error generating query; rejecting user",
692
 
                                       inst->config->xlat_name);
 
755
                                radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
693
756
                                /* Remove the grouup we added above */
694
757
                                pairdelete(&request->packet->vps, PW_SQL_GROUP);
695
758
                                pairfree(&check_tmp);
696
759
                                return -1;
697
760
                        }
698
761
                        if (sql_getvpdata(inst, sqlsocket, &reply_tmp, querystr) < 0) {
699
 
                                radlog(L_ERR, "rlm_sql (%s): Error retrieving reply pairs for group %s",
700
 
                                       inst->config->xlat_name, group_list_tmp->groupname);
 
762
                                radlog_request(L_ERR, 0, request, "Error retrieving reply pairs for group %s",
 
763
                                       group_list_tmp->groupname);
701
764
                                /* Remove the grouup we added above */
702
765
                                pairdelete(&request->packet->vps, PW_SQL_GROUP);
703
766
                                pairfree(&check_tmp);
763
826
                        free(*p);
764
827
                        *p = NULL;
765
828
                }
766
 
                allowed_chars = NULL;
 
829
                /*
 
830
                 *      Catch multiple instances of the module.
 
831
                 */
 
832
                if (allowed_chars == inst->config->allowed_chars) {
 
833
                        allowed_chars = NULL;
 
834
                }
767
835
                free(inst->config);
768
836
                inst->config = NULL;
769
837
        }
792
860
        memset(inst->config, 0, sizeof(SQL_CONFIG));
793
861
 
794
862
        /*
 
863
         *      Export these methods, too.  This avoids RTDL_GLOBAL.
 
864
         */
 
865
        inst->sql_set_user = sql_set_user;
 
866
        inst->sql_get_socket = sql_get_socket;
 
867
        inst->sql_release_socket = sql_release_socket;
 
868
        inst->sql_escape_func = sql_escape_func;
 
869
        inst->sql_query = rlm_sql_query;
 
870
        inst->sql_select_query = rlm_sql_select_query;
 
871
        inst->sql_fetch_row = rlm_sql_fetch_row;
 
872
 
 
873
        /*
795
874
         * If the configuration parameters can't be parsed, then
796
875
         * fail.
797
876
         */
809
888
        }
810
889
 
811
890
        if (inst->config->num_sql_socks > MAX_SQL_SOCKS) {
812
 
                radlog(L_ERR | L_CONS, "rlm_sql (%s): sql_instantiate: number of sqlsockets cannot exceed MAX_SQL_SOCKS, %d",
 
891
                radlog(L_ERR, "rlm_sql (%s): sql_instantiate: number of sqlsockets cannot exceed MAX_SQL_SOCKS, %d",
813
892
                       inst->config->xlat_name, MAX_SQL_SOCKS);
814
893
                rlm_sql_detach(inst);
815
894
                return -1;
819
898
         *      Sanity check for crazy people.
820
899
         */
821
900
        if (strncmp(inst->config->sql_driver, "rlm_sql_", 8) != 0) {
822
 
                radlog(L_ERR, "rlm_sql (%s): \"%s\" is NOT an SQL driver!",
823
 
                       inst->config->xlat_name, inst->config->sql_driver);
 
901
                radlog(L_ERR, "\"%s\" is NOT an SQL driver!",
 
902
                       inst->config->sql_driver);
824
903
                rlm_sql_detach(inst);
825
904
                return -1;
826
905
        }
827
906
 
828
907
        inst->handle = lt_dlopenext(inst->config->sql_driver);
829
908
        if (inst->handle == NULL) {
830
 
                radlog(L_ERR, "rlm_sql (%s): Could not link driver %s: %s",
831
 
                       inst->config->xlat_name, inst->config->sql_driver,
 
909
                radlog(L_ERR, "Could not link driver %s: %s",
 
910
                       inst->config->sql_driver,
832
911
                       lt_dlerror());
833
 
                radlog(L_ERR, "rlm_sql (%s): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.",
834
 
                       inst->config->xlat_name);
 
912
                radlog(L_ERR, "Make sure it (and all its dependent libraries!) are in the search path of your system's ld.");
835
913
                rlm_sql_detach(inst);
836
914
                return -1;
837
915
        }
838
916
 
839
917
        inst->module = (rlm_sql_module_t *) lt_dlsym(inst->handle, inst->config->sql_driver);
840
918
        if (!inst->module) {
841
 
                radlog(L_ERR, "rlm_sql (%s): Could not link symbol %s: %s",
842
 
                       inst->config->xlat_name, inst->config->sql_driver,
 
919
                radlog(L_ERR, "Could not link symbol %s: %s",
 
920
                       inst->config->sql_driver,
843
921
                       lt_dlerror());
844
922
                rlm_sql_detach(inst);
845
923
                return -1;
857
935
                rlm_sql_detach(inst);
858
936
                return -1;
859
937
        }
 
938
 
860
939
        paircompare_register(PW_SQL_GROUP, PW_USER_NAME, sql_groupcmp, inst);
861
940
 
862
941
        if (inst->config->do_clients){
863
942
                if (generate_sql_clients(inst) == -1){
864
 
                        radlog(L_ERR, "rlm_sql (%s): generate_sql_clients() returned error",inst->config->xlat_name);
 
943
                        radlog(L_ERR, "Failed to load clients from SQL.");
865
944
                        rlm_sql_detach(inst);
866
945
                        return -1;
867
946
                }
919
998
         * Alright, start by getting the specific entry for the user
920
999
         */
921
1000
        if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_check_query, request, sql_escape_func)) {
922
 
                radlog(L_ERR, "rlm_sql (%s): Error generating query; rejecting user",
923
 
                       inst->config->xlat_name);
 
1001
                radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
924
1002
                sql_release_socket(inst, sqlsocket);
925
1003
                /* Remove the username we (maybe) added above */
926
1004
                pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
928
1006
        }
929
1007
        rows = sql_getvpdata(inst, sqlsocket, &check_tmp, querystr);
930
1008
        if (rows < 0) {
931
 
                radlog(L_ERR, "rlm_sql (%s): SQL query error; rejecting user",
932
 
                       inst->config->xlat_name);
 
1009
                radlog_request(L_ERR, 0, request, "SQL query error; rejecting user");
933
1010
                sql_release_socket(inst, sqlsocket);
934
1011
                /* Remove the username we (maybe) added above */
935
1012
                pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
941
1018
                 */
942
1019
                if (paircompare(request, request->packet->vps, check_tmp, &request->reply->vps) == 0) {
943
1020
                        found = 1;
944
 
                        DEBUG2("rlm_sql (%s): User found in radcheck table", inst->config->xlat_name);
 
1021
                        RDEBUG2("User found in radcheck table");
 
1022
 
 
1023
                        if (inst->config->authorize_reply_query &&
 
1024
                            *inst->config->authorize_reply_query) {
 
1025
 
945
1026
                        /*
946
1027
                         *      Now get the reply pairs since the paircompare matched
947
1028
                         */
948
1029
                        if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_reply_query, request, sql_escape_func)) {
949
 
                                radlog(L_ERR, "rlm_sql (%s): Error generating query; rejecting user",
950
 
                                       inst->config->xlat_name);
 
1030
                                radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
951
1031
                                sql_release_socket(inst, sqlsocket);
952
1032
                                /* Remove the username we (maybe) added above */
953
1033
                                pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
955
1035
                                return RLM_MODULE_FAIL;
956
1036
                        }
957
1037
                        if (sql_getvpdata(inst, sqlsocket, &reply_tmp, querystr) < 0) {
958
 
                                radlog(L_ERR, "rlm_sql (%s): SQL query error; rejecting user",
959
 
                                       inst->config->xlat_name);
 
1038
                                radlog_request(L_ERR, 0, request, "SQL query error; rejecting user");
960
1039
                                sql_release_socket(inst, sqlsocket);
961
1040
                                /* Remove the username we (maybe) added above */
962
1041
                                pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
964
1043
                                pairfree(&reply_tmp);
965
1044
                                return RLM_MODULE_FAIL;
966
1045
                        }
 
1046
 
967
1047
                        if (!inst->config->read_groups)
968
1048
                                dofallthrough = fallthrough(reply_tmp);
969
1049
                        pairxlatmove(request, &request->reply->vps, &reply_tmp);
 
1050
                        }
970
1051
                        pairxlatmove(request, &request->config_items, &check_tmp);
971
1052
                }
972
1053
        }
986
1067
        if (dofallthrough) {
987
1068
                rows = rlm_sql_process_groups(inst, request, sqlsocket, &dofallthrough);
988
1069
                if (rows < 0) {
989
 
                        radlog(L_ERR, "rlm_sql (%s): Error processing groups; rejecting user",
990
 
                               inst->config->xlat_name);
 
1070
                        radlog_request(L_ERR, 0, request, "Error processing groups; rejecting user");
991
1071
                        sql_release_socket(inst, sqlsocket);
992
1072
                        /* Remove the username we (maybe) added above */
993
1073
                        pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
1012
1092
                        if (user_profile != NULL)
1013
1093
                                profile = user_profile->vp_strvalue;
1014
1094
                        if (profile && strlen(profile)){
1015
 
                                radlog(L_DBG, "rlm_sql (%s): Checking profile %s",
1016
 
                                       inst->config->xlat_name, profile);
 
1095
                                RDEBUG("Checking profile %s", profile);
1017
1096
                                if (sql_set_user(inst, request, profileusername, profile) < 0) {
1018
 
                                        radlog(L_ERR, "rlm_sql (%s): Error setting profile; rejecting user",
1019
 
                                               inst->config->xlat_name);
 
1097
                                        radlog_request(L_ERR, 0, request, "Error setting profile; rejecting user");
1020
1098
                                        sql_release_socket(inst, sqlsocket);
1021
1099
                                        /* Remove the username we (maybe) added above */
1022
1100
                                        pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
1030
1108
                if (profile_found) {
1031
1109
                        rows = rlm_sql_process_groups(inst, request, sqlsocket, &dofallthrough);
1032
1110
                        if (rows < 0) {
1033
 
                                radlog(L_ERR, "rlm_sql (%s): Error processing profile groups; rejecting user",
1034
 
                                       inst->config->xlat_name);
 
1111
                                radlog_request(L_ERR, 0, request, "Error processing profile groups; rejecting user");
1035
1112
                                sql_release_socket(inst, sqlsocket);
1036
1113
                                /* Remove the username we (maybe) added above */
1037
1114
                                pairdelete(&request->packet->vps, PW_SQL_USER_NAME);
1047
1124
        sql_release_socket(inst, sqlsocket);
1048
1125
 
1049
1126
        if (!found) {
1050
 
                radlog(L_DBG, "rlm_sql (%s): User %s not found",
1051
 
                       inst->config->xlat_name, sqlusername);
 
1127
                RDEBUG("User %s not found", sqlusername);
1052
1128
                return RLM_MODULE_NOTFOUND;
1053
1129
        } else {
1054
1130
                return RLM_MODULE_OK;
1083
1159
                acctstatustype = pair->vp_integer;
1084
1160
        } else {
1085
1161
                radius_xlat(logstr, sizeof(logstr), "packet has no accounting status type. [user '%{User-Name}', nas '%{NAS-IP-Address}']", request, NULL);
1086
 
                radlog(L_ERR, "rlm_sql (%s) in sql_accounting: %s",
1087
 
                       inst->config->xlat_name, logstr);
 
1162
                radlog_request(L_ERR, 0, request, "%s", logstr);
1088
1163
                return RLM_MODULE_INVALID;
1089
1164
        }
1090
1165
 
1095
1170
                         */
1096
1171
                case PW_STATUS_ACCOUNTING_ON:
1097
1172
                case PW_STATUS_ACCOUNTING_OFF:
1098
 
                        radlog(L_INFO, "rlm_sql (%s): received Acct On/Off packet", inst->config->xlat_name);
 
1173
                        RDEBUG("Received Acct On/Off packet");
1099
1174
                        radius_xlat(querystr, sizeof(querystr), inst->config->accounting_onoff_query, request, sql_escape_func);
1100
1175
                        query_log(request, inst, querystr);
1101
1176
 
1104
1179
                                return(RLM_MODULE_FAIL);
1105
1180
                        if (*querystr) { /* non-empty query */
1106
1181
                                if (rlm_sql_query(sqlsocket, inst, querystr)) {
1107
 
                                        radlog(L_ERR, "rlm_sql (%s): Couldn't update SQL accounting for Acct On/Off packet - %s",
1108
 
                                               inst->config->xlat_name,
 
1182
                                        radlog_request(L_ERR, 0, request, "Couldn't update SQL accounting for Acct On/Off packet - %s",
1109
1183
                                               (inst->module->sql_error)(sqlsocket, inst->config));
1110
1184
                                        ret = RLM_MODULE_FAIL;
1111
1185
                                }
1132
1206
                                return(RLM_MODULE_FAIL);
1133
1207
                        if (*querystr) { /* non-empty query */
1134
1208
                                if (rlm_sql_query(sqlsocket, inst, querystr)) {
1135
 
                                        radlog(L_ERR, "rlm_sql (%s): Couldn't update SQL accounting ALIVE record - %s",
1136
 
                                               inst->config->xlat_name,
 
1209
                                        radlog_request(L_ERR, 0, request, "Couldn't update SQL accounting ALIVE record - %s",
1137
1210
                                               (inst->module->sql_error)(sqlsocket, inst->config));
1138
1211
                                        ret = RLM_MODULE_FAIL;
1139
1212
                                }
1151
1224
                                                query_log(request, inst, querystr);
1152
1225
                                                if (*querystr) { /* non-empty query */
1153
1226
                                                        if (rlm_sql_query(sqlsocket, inst, querystr)) {
1154
 
                                                                radlog(L_ERR, "rlm_sql (%s): Couldn't insert SQL accounting ALIVE record - %s",
1155
 
                                                                       inst->config->xlat_name,
 
1227
                                                                radlog_request(L_ERR, 0, request, "Couldn't insert SQL accounting ALIVE record - %s",
1156
1228
                                                                       (inst->module->sql_error)(sqlsocket, inst->config));
1157
1229
                                                                ret = RLM_MODULE_FAIL;
1158
1230
                                                        }
1182
1254
                                return(RLM_MODULE_FAIL);
1183
1255
                        if (*querystr) { /* non-empty query */
1184
1256
                                if (rlm_sql_query(sqlsocket, inst, querystr)) {
1185
 
                                        radlog(L_ERR, "rlm_sql (%s): Couldn't insert SQL accounting START record - %s",
1186
 
                                               inst->config->xlat_name,
 
1257
                                        radlog_request(L_ERR, 0, request, "Couldn't insert SQL accounting START record - %s",
1187
1258
                                               (inst->module->sql_error)(sqlsocket, inst->config));
1188
1259
 
1189
1260
                                        /*
1196
1267
 
1197
1268
                                        if (*querystr) { /* non-empty query */
1198
1269
                                                if (rlm_sql_query(sqlsocket, inst, querystr)) {
1199
 
                                                        radlog(L_ERR, "rlm_sql (%s): Couldn't update SQL accounting START record - %s",
1200
 
                                                               inst->config->xlat_name,
 
1270
                                                        radlog_request(L_ERR, 0, request, "Couldn't update SQL accounting START record - %s",
1201
1271
                                                               (inst->module->sql_error)(sqlsocket, inst->config));
1202
1272
                                                        ret = RLM_MODULE_FAIL;
1203
1273
                                                }
1226
1296
                                return(RLM_MODULE_FAIL);
1227
1297
                        if (*querystr) { /* non-empty query */
1228
1298
                                if (rlm_sql_query(sqlsocket, inst, querystr)) {
1229
 
                                        radlog(L_ERR, "rlm_sql (%s): Couldn't update SQL accounting STOP record - %s",
1230
 
                                               inst->config->xlat_name,
 
1299
                                        radlog_request(L_ERR, 0, request, "Couldn't update SQL accounting STOP record - %s",
1231
1300
                                               (inst->module->sql_error)(sqlsocket, inst->config));
1232
1301
                                        ret = RLM_MODULE_FAIL;
1233
1302
                                }
1252
1321
 
1253
1322
                                                if (acctsessiontime <= 0) {
1254
1323
                                                        radius_xlat(logstr, sizeof(logstr), "stop packet with zero session length. [user '%{User-Name}', nas '%{NAS-IP-Address}']", request, NULL);
1255
 
                                                        radlog(L_ERR, "rlm_sql (%s) in sql_accounting: %s", inst->config->xlat_name, logstr);
 
1324
                                                        radlog_request(L_ERR, 0, request, "%s", logstr);
1256
1325
                                                        sql_release_socket(inst, sqlsocket);
1257
1326
                                                        ret = RLM_MODULE_NOOP;
1258
1327
                                                }
1263
1332
 
1264
1333
                                                if (*querystr) { /* non-empty query */
1265
1334
                                                        if (rlm_sql_query(sqlsocket, inst, querystr)) {
1266
 
                                                                radlog(L_ERR, "rlm_sql (%s): Couldn't insert SQL accounting STOP record - %s",
1267
 
                                                                       inst->config->xlat_name,
 
1335
                                                                radlog_request(L_ERR, 0, request, "Couldn't insert SQL accounting STOP record - %s",
 
1336
 
1268
1337
                                                                       (inst->module->sql_error)(sqlsocket, inst->config));
1269
1338
                                                                ret = RLM_MODULE_FAIL;
1270
1339
                                                        }
1280
1349
                         *      Anything else is ignored.
1281
1350
                         */
1282
1351
                default:
1283
 
                        radlog(L_INFO, "rlm_sql (%s): Unsupported Acct-Status-Type = %d", inst->config->xlat_name, acctstatustype);
 
1352
                        RDEBUG("Unsupported Acct-Status-Type = %d",
 
1353
                       acctstatustype);
1284
1354
                        return RLM_MODULE_NOOP;
1285
1355
                        break;
1286
1356
 
1322
1392
        }
1323
1393
 
1324
1394
        if((request->username == NULL) || (request->username->length == 0)) {
1325
 
                radlog(L_ERR, "rlm_sql (%s): Zero Length username not permitted\n", inst->config->xlat_name);
 
1395
                radlog_request(L_ERR, 0, request, "Zero Length username not permitted\n");
1326
1396
                return RLM_MODULE_INVALID;
1327
1397
        }
1328
1398
 
1378
1448
 
1379
1449
        radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func);
1380
1450
        if(rlm_sql_select_query(sqlsocket, inst, querystr)) {
1381
 
                radlog(L_ERR, "rlm_sql (%s): sql_checksimul: Database query error", inst->config->xlat_name);
 
1451
                radlog_request(L_ERR, 0, request, "Database query error");
1382
1452
                sql_release_socket(inst, sqlsocket);
1383
1453
                return RLM_MODULE_FAIL;
1384
1454
        }
1401
1471
                if (!row[2]){
1402
1472
                        (inst->module->sql_finish_select_query)(sqlsocket, inst->config);
1403
1473
                        sql_release_socket(inst, sqlsocket);
1404
 
                        DEBUG("rlm_sql (%s): Cannot zap stale entry. No username present in entry.", inst->config->xlat_name);
 
1474
                        RDEBUG("Cannot zap stale entry. No username present in entry.", inst->config->xlat_name);
1405
1475
                        return RLM_MODULE_FAIL;
1406
1476
                }
1407
1477
                if (!row[1]){
1408
1478
                        (inst->module->sql_finish_select_query)(sqlsocket, inst->config);
1409
1479
                        sql_release_socket(inst, sqlsocket);
1410
 
                        DEBUG("rlm_sql (%s): Cannot zap stale entry. No session id in entry.", inst->config->xlat_name);
 
1480
                        RDEBUG("Cannot zap stale entry. No session id in entry.", inst->config->xlat_name);
1411
1481
                        return RLM_MODULE_FAIL;
1412
1482
                }
1413
1483
                if (row[3])
1463
1533
                         */
1464
1534
                        (inst->module->sql_finish_select_query)(sqlsocket, inst->config);
1465
1535
                        sql_release_socket(inst, sqlsocket);
1466
 
                        radlog(L_ERR, "rlm_sql (%s): sql_checksimul: Failed to check the terminal server for user '%s'.", inst->config->xlat_name, row[2]);
 
1536
                        radlog_request(L_ERR, 0, request, "Failed to check the terminal server for user '%s'.", row[2]);
1467
1537
                        return RLM_MODULE_FAIL;
1468
1538
                }
1469
1539
        }
1488
1558
        char            querystr[MAX_QUERY_LEN];
1489
1559
        char            sqlusername[MAX_STRING_LEN];
1490
1560
 
1491
 
        DEBUG("rlm_sql (%s): Processing sql_postauth", inst->config->xlat_name);
1492
 
 
1493
1561
        if(sql_set_user(inst, request, sqlusername, NULL) < 0)
1494
1562
                return RLM_MODULE_FAIL;
1495
1563